As more and more employees bring their own smartphones and tablets into the workplace (from iOS to Android devices), the need to keep data secure on these devices becomes critical. Credant for Mobile Device Security puts your organization in total control of your data, whether it’s stored or accessed on personally owned or corporately owned mobile devices. Because Credant for Mobile Device Security is centrally managed, IT departments can easily:
- Integrate iOS and Android devices; by tapping into native security features, there is no loading and configuring of apps onto the device
- Set policies and restrictions across the enterprise, such as requiring a PIN or disabling backups
- Execute commands quickly and efficiently, including reset password or, if necessary, remote wipe
- Automatically detect unenrolled devices and remove those devices’ access to corporate data if they are lost, stolen or must be deprovisioned
- Compile compliance reports, including reports that meet auditor or regulated compliance reporting

“Our customers are facing…

First I’ll talk a little bit more about some of the elements of a platform and why it’s better than the traditional approach. One of the reasons is that you provide a framework. And by framework what I mean is that you have well-defined concepts and integration points. What are all the ways that I can protect it in both stream form and block form? And in file form or in motion. It gives you a very consistent way of dealing with data. And what that means is that when new things come along, new Cloud services or new mobile services, you already have a place built into your architecture where you can add support for that. It’s not a whole new reengineering and rearchitecture because the framework has accounted for fundamentally what the structure of the problem is. We’ve all seen lots of frameworks. Some of which have then…

So what’s the alternative? Well, the alternative really is what we’re calling here the data protection platform: a platform that can provide a central set of services where the data protection goes with the data as the data moves across the data life cycle. So what you do is you encrypt the data within your enterprise, and as the data moves it stays encrypted. There are some challenges with doing that, which I’ll talk about later. But some of the core tenets that you need to be a successful platform are, obviously, simple control and management visibility into where your data is, how it’s being protected, and how to recover access to it; how to manage and report on the system in terms of keys and compliance and collaboration; and how to report and audit that you’re complying. Now of course to make something like…

What would that new approach look like then? What are the solutions to integrating security? There are at least two options. The traditional approach: let’s implement security for data of each type or each type of end point or service. And then a new approach: one that spans all (data of each type or each type of end point or service). Now the benefit in the past of taking door number one, if you will, the individual technology choice for each platform type, is that you go deep on each type of platform, and you have a lot of different service and protection offerings. The challenge with it is that it is really complex and expensive. And as more and more options for end-users grow, we believe this approach becomes untenable. That if you go deep on every platform and you have to have a deep kind of…

To illustrate the point just in the area of key management, a Computer Weekly survey found that 88 percent of organizations had multiple administrators managing their encryption keys. And that doesn’t mean that those multiple administrators are required to look over one another’s shoulder when other keys are accessed; it means that they have a lot of different people who have to have access to the keys. And 22 percent have ten or more. This basically means that there’s a lot of opportunity for things like collusion or WikiLeaks or insider threats. It also speaks to the complexity of the environments and the need to have all these people trained on these systems just to understand them. Interestingly, 42 percent of administrators are managing encryption technologies from at least four suppliers while eight percent are dealing with more than ten suppliers. This is amazing considering the complexity that can exist…

I want to start off with essentially the bad news: we’re seeing more and more security challenges arise. I’m going to walk through why traditional approaches and traditional thinking for solving data protection problems are beginning to fail. The big three challenges that we’re facing right now include:
- BYOD (what used to be called consumerization): the concept is that end-users in organizations are in more and more control, they want more and more services and they use their mobile devices to get them.
- The Cloud: this next one plays on those mobile devices and the need to access the Cloud.
- Mobility: the underlying trend here is just that the workforces and populations in general are more and more mobile nowadays.

So what’s IT trying to achieve? Today, IT departments still have traditional full time employment, essentially 100 percent utilized just trying to meet their…

SELF-ENCRYPTING DRIVES

Let’s look at the software impact of upgrading to Windows 7 and the effect it can have on BitLocker. As part of the hardware refresh that can occur with these updates, the other thing that can happen is that people start to look at self-encrypting drive technology (which is becoming more and more available, and more and more cost effective).

SED? WHAT’S THAT?

The idea here is that the drive is essentially self-defending. So you’ve got a self-encrypting drive, or SED, as it’s often abbreviated. It’s usually a fixed disk, which uses some kind of hardware-based encryption. The standard for these is OPAL. You’ll see more and more devices that are OPAL compliant. They’re made by people like Hitachi, Toshiba, Seagate and Samsung. So there are a number of different manufacturers now, and most of those are moving to some kind of OPAL compliant SED. The Trusted Computing Group…

THINKING ABOUT UPGRADING?

Many organizations start to think about the process of upgrading to Windows 7 because inherently with Windows 7 there are additions that you might want to make use of. This makes you question integration and the opportunities and challenges it can bring. One of those opportunities might be Windows BitLocker. Organizations with Ultimate and Enterprise editions of Windows 7 should be looking at Windows BitLocker. We’ll examine what the thinking around BitLocker should be, and how to plan and be successful with BitLocker as part of your overall strategy. As you’re upgrading, it’s a great opportunity to look at things like self-encrypting drives. There’s also a lot of buzz around removable media as part of the change to Windows 7, but at the same time, you can think about a broader strategy: Windows, removable media, mobility increasingly, and even cloud services. All of these things are having an impact…

PRE-BOOT AUTHENTICATION PAIN

Let’s shift gears to pre-boot authentication (PBA). That’s the step in which the user first powers up their system and types in the authentication. They’re telling the system, “Yes, it really is me. Please continue booting and unlock all of the data.” However, if you’ve lived with a pre-boot system before, you know that it can have some real challenges. It can require the user to learn a new step, or to have a different password than the one they normally type on their domain. And IT processes that don’t have a pre-boot authentication step, such as a system applying patches, can potentially get broken by the pre-boot authentication step. First of all, self-encrypting drives (SEDs) implement PBA a little differently from software-based full disk encryption. It’s a little simpler to hook into. As a result, you have good SED management capabilities…

SED? WHAT’S THAT?

A self-encrypting drive (SED) is a disk that has built-in hardware-based encryption. It’s essentially a drive that is enabled to encrypt all the information that gets written to it. That encryption is done by specialized hardware, which has a number of really important and significant implications for how to use it, where to use it, how to manage it and so on. They’re made by a number of manufacturers: Hitachi, Toshiba, Seagate, and Samsung, to name a few. There are a number of organizations that are drive manufacturers that are building out their capability to supply self-encrypting drives. And the reason is that they are becoming very, very popular, both from the perspective of people wanting to put them in, and also, I think, from the perspective of organizations looking at them for the first time or maybe coming back and revisiting them. The Trusted Computing…